<?php
/******************************
 * EQdkp
 * Copyright 2002-2003
 * Licensed under the GNU GPL.  See COPYING for full terms.
 * ------------------
 * addturnin.php
 * Began: Sat January 4 2003
 * 
 * $Id: addturnin.php 541 2008-05-20 06:56:16Z rspeicher $
 * 
 ******************************/
 
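define('EQDKP_INC', true);
define('IN_ADMIN', true);
$eqdkp_root_path = './../';
include_once($eqdkp_root_path . 'common.php');

$fv = new Form_Validate;

// Start session management and require the turn-in permission.
// NOTE(review): check_auth() is expected to stop the request when the
// 'a_turnin_add' permission is missing - confirm in the session class, because
// nothing below re-checks it.
$user->start();
$user->setup();
$user->check_auth('a_turnin_add');

// Figure out what submit button was pressed
$add     = isset($_POST['add']);
$proceed = isset($_POST['proceed']);

if ( $add )
{
    // Final submit: transfer the chosen item from one member to the other.
    $_POST = htmlspecialchars_array($_POST);
    $action = 'turnin';

    // The step-1 check below only runs for 'proceed', so a request that posts
    // 'add' directly would otherwise reach the UPDATE statements unvalidated.
    // Apply the same rule here: both names present, plain strings, and different.
    $from = ( isset($_POST['from']) && is_string($_POST['from']) ) ? $_POST['from'] : '';
    $to   = ( isset($_POST['to']) && is_string($_POST['to']) ) ? $_POST['to'] : '';

    if ( ($from == $to) || empty($from) || empty($to) )
    {
        $fv->errors['turnin_from'] = $user->lang['fv_difference_turnin'];
        $fv->errors['turnin_to'] = $user->lang['fv_difference_turnin'];

        // Restart the wizard with the submitted names pre-selected.
        $turnin = array(
            'from' => $from,
            'to' => $to
        );
        $action = 'step1';
    }
}
elseif ( $proceed )
{
    // Step 1 was submitted: validate the two names, then list the items.
    $_POST = htmlspecialchars_array($_POST);
    $action = 'step2';

    // Missing or non-string fields count as empty, so they fail validation
    // instead of raising notices or reaching the step-2 query as "Array".
    $from = ( isset($_POST['turnin_from']) && is_string($_POST['turnin_from']) ) ? $_POST['turnin_from'] : '';
    $to   = ( isset($_POST['turnin_to']) && is_string($_POST['turnin_to']) ) ? $_POST['turnin_to'] : '';

    if ( ($from == $to) || empty($from) || empty($to) )
    {
        $fv->errors['turnin_from'] = $user->lang['fv_difference_turnin'];
        $fv->errors['turnin_to'] = $user->lang['fv_difference_turnin'];
    }

    $turnin = array(
        'from' => post_or_db('turnin_from', false),
        'to' => post_or_db('turnin_to', false)
    );

    if ( $fv->is_error() )
    {
        $action = 'step1';
    }
}
else
{
    // First visit: show the member selection form.
    $action = 'step1';

    $turnin = array(
        'from' => post_or_db('turnin_from', false),
        'to' => post_or_db('turnin_to', false)
    );
}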

//
// Processing
//
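// Dispatch on the wizard step chosen above:
//   'turnin' - apply the transfer (three UPDATEs plus an admin log entry)
//   'step2'  - list the items bought by the 'from' member
//   'step1'  - list all members for the from/to selection
switch ( $action )
{
    case 'turnin':
        // NOTE(review): this branch changes stored data on a plain POST and no
        // anti-CSRF token check is visible in this file - confirm that
        // common.php or the session layer provides one.
        // NOTE(review): the member names below are spliced into SQL string
        // literals. The only sanitising visible in this file is
        // htmlspecialchars_array(), which is HTML escaping, not SQL escaping, so
        // quote handling has to come from common.php or the $db layer - confirm,
        // and prefer the driver's own escaping or bound parameters.

        // item_id is offered by step 2 straight from the items table; it is
        // assumed to be an integer key there (confirm against the schema), so
        // force it to an integer before it reaches SQL.
        $item_id = ( isset($_POST['item_id']) && is_scalar($_POST['item_id']) ) ? intval($_POST['item_id']) : 0;
        $from    = ( isset($_POST['from']) && is_string($_POST['from']) ) ? $_POST['from'] : '';
        $to      = ( isset($_POST['to']) && is_string($_POST['to']) ) ? $_POST['to'] : '';

        // Only accept an item that exists and is currently held by the 'from'
        // member - the same predicate step 2 uses to build the item list.
        $sql = 'SELECT item_value, item_name
                FROM ' . ITEMS_TABLE . "
                WHERE item_id='" . $item_id . "'
                AND item_buyer='" . $from . "'";
        $result = $db->query($sql);
        $row = $db->fetch_record($result);

        if ( empty($row) )
        {
            // Without a matching row the updates below would adjust two members
            // by 0.00 and still log a successful turn-in for a nameless item.
            message_die($user->lang['error_invalid_item_provided']);
            break;
        }

        // item_value goes into SQL arithmetic unquoted, so it must be numeric.
        $item_value = ( !empty($row['item_value']) && is_numeric($row['item_value']) ) ? $row['item_value'] : '0.00';

        // Remove the price from the 'From' member
        $sql = 'UPDATE ' . MEMBERS_TABLE . '
                SET member_spent = member_spent - ' . $item_value . "
                WHERE member_name='" . $from . "'";
        $db->query($sql);

        // Add the price to the 'To' member
        $sql = 'UPDATE ' . MEMBERS_TABLE . '
                SET member_spent = member_spent + ' . $item_value . "
                WHERE member_name='" . $to . "'";
        $db->query($sql);

        // Change the buyer
        $sql = 'UPDATE ' . ITEMS_TABLE . "
                SET item_buyer='" . $to . "'
                WHERE item_id='" . $item_id . "'";
        $db->query($sql);

        // Record who moved what, from whom, to whom.
        $log_action = array(
            'header' => '{L_ACTION_TURNIN_ADDED}',
            '{L_ITEM}' => addslashes($row['item_name']),
            '{L_VALUE}' => $item_value,
            '{L_FROM}' => $from,
            '{L_TO}' => $to,
            '{L_ADDED_BY}' => $user->data['username']);
        $eqdkp->log_insert(array(
            'log_type' => $log_action['header'],
            'log_action' => $eqdkp->make_log_action($log_action),
            'log_ipaddress' => $user->ip,
            'log_sid' => $user->session_id,
            'log_result' => '{L_SUCCESS}',
            'admin_id' => $user->data['user_id'])
        );

        $success_message = sprintf($user->lang['admin_add_turnin_success'], $row['item_name'], $from, $to);
        message_die(stripslashes($success_message));

        break;
    case 'step2':
        // Same SQL caveat as in 'turnin': this name is only HTML-escaped here.
        $buyer = ( isset($_POST['turnin_from']) && is_string($_POST['turnin_from']) ) ? $_POST['turnin_from'] : '';

        // Pad every value to the width of the largest integer part so the
        // option labels line up.
        $max_value = $db->query_first('SELECT max(item_value) FROM ' . ITEMS_TABLE . " WHERE item_buyer='" . $buyer . "'");
        $float = explode('.', (string) $max_value);
        $format = '%0' . strlen($float[0]) . '.2f';

        $sql = 'SELECT item_id, item_name, item_value
                FROM ' . ITEMS_TABLE . "
                WHERE item_buyer='" . $buyer . "'
                ORDER BY item_name";
        $result = $db->query($sql);
        while ( $row = $db->fetch_record($result) )
        {
            // NOTE(review): item_name is passed to the template without HTML
            // escaping here; presumably it is stored already encoded - confirm.
            $tpl->assign_block_vars('items_row', array(
                'VALUE' => $row['item_id'],
                'OPTION' => '(' . sprintf($format, $row['item_value']) . ') - ' . stripslashes($row['item_name']))
            );
        }

        $tpl->assign_vars(array(
            'F_ADD_TURNIN' => 'addturnin.php'.$SID,

            'S_STEP1' => false,
            'FROM' => $turnin['from'],
            'TO' => $turnin['to'],
            'TURNIN_FROM' => $turnin['from'],
            'TURNIN_TO' => $turnin['to'],

            'L_ADD_TURNIN_TITLE' => sprintf($user->lang['addturnin_title'], '2'),
            'L_FROM' => $user->lang['from'],
            'L_TO' => $user->lang['to'],
            'L_ADD_TURNIN' => $user->lang['add_turnin'],
            'L_ITEM' => $user->lang['item'],

            'FV_TURNIN_FROM' => $fv->generate_error('turnin_from'),
            'FV_TURNIN_TO' => $fv->generate_error('turnin_to'),

            'MSG_FROM_TO_SAME' => $user->lang['fv_difference_turnin'])
        );

        $page_title = sprintf($user->lang['admin_title_prefix'], $eqdkp->config['guildtag'], $eqdkp->config['dkp_name']).': '.sprintf($user->lang['addturnin_title'], '2');
        include_once($eqdkp_root_path . 'includes/page_header.php');

        $tpl->set_filenames(array(
            'body' => 'admin/addturnin.html')
        );

        include_once($eqdkp_root_path . 'includes/page_tail.php');
        break;
    case 'step1':
        // Fill both drop-downs from the member list, pre-selecting any
        // previously submitted names.
        $sql = 'SELECT member_name
                FROM ' . MEMBERS_TABLE . '
                ORDER BY member_name';
        $result = $db->query($sql);
        while ( $row = $db->fetch_record($result) )
        {
            $tpl->assign_block_vars('turnin_from_row', array(
                'VALUE' => $row['member_name'],
                'SELECTED' => ( $turnin['from'] == $row['member_name'] ) ? ' selected="selected"' : '',
                'OPTION' => $row['member_name'])
            );

            $tpl->assign_block_vars('turnin_to_row', array(
                'VALUE' => $row['member_name'],
                'SELECTED' => ( $turnin['to'] == $row['member_name'] ) ? ' selected="selected"' : '',
                'OPTION' => $row['member_name'])
            );
        }

        $tpl->assign_vars(array(
            'F_ADD_TURNIN' => 'addturnin.php'.$SID,

            'S_STEP1' => true,
            'FROM' => $turnin['from'],
            'TO' => $turnin['to'],

            'L_ADD_TURNIN_TITLE' => sprintf($user->lang['addturnin_title'], '1'),
            'L_FROM' => $user->lang['from'],
            'L_TO' => $user->lang['to'],
            'L_PROCEED' => $user->lang['proceed'],

            'FV_TURNIN_FROM' => $fv->generate_error('turnin_from'),
            'FV_TURNIN_TO' => $fv->generate_error('turnin_to'),

            'MSG_FROM_TO_SAME' => $user->lang['fv_difference_turnin'])
        );

        $page_title = sprintf($user->lang['admin_title_prefix'], $eqdkp->config['guildtag'], $eqdkp->config['dkp_name']).': '.sprintf($user->lang['addturnin_title'], '1');
        include_once($eqdkp_root_path . 'includes/page_header.php');

        $tpl->set_filenames(array(
            'body' => 'admin/addturnin.html')
        );

        include_once($eqdkp_root_path . 'includes/page_tail.php');
        break;
}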
?>